XSS in E-commerce Cradle
CVE-2026-3319
Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (19.5th percentile)
Affected products
- E-commerce Cradle — latest demo version
Weakness classification (CWE)
References
- cve-coordination@incibe.es (patch)